METHOD AND APPARATUS FOR
SOFTWARE LICENSING ELECTRONICALLY
DISTRIBUTED PROGRAMS

BACKGROUND OF THE INVENTION

1. Field of the Invention 

The present invention relates to the field of use of com- 
puter software registration. More particularly, the present 
invention relates to secure registration of computer software. 

2. Description of Related Art 

The use of wide-area-networks such as the Internet to 
distribute software has become a very popular way to 
distribute software. The software can be programmed to 
be — until a license is purchased — either fully functional for
a "trial period" of a certain duration, or partially functional. 
Providing potential customers the ability to download func- 
tional versions of a particular software allows access to an 
audience base that is limited only by the means of distribu- 
tion (e.g., the size of the audience which has access to the 
Internet). 

In addition, using networks to distribute demonstration or 
"demo" software is cost effective for the software company, 
as the company does not need to first place the demo 
software onto a distribution medium such as floppy disks or 
compact disk read-only-memory (CD-ROM) disks. 
Moreover, the company does not have to create or pay for 
packaging, nor maintain an inventory. The cost saving is 
especially beneficial in helping companies save marketing 
funds, which can be invested in other programs. 

However, these cost savings disappear when the company 
has to ensure that customers who download the software pay 
for the software. Companies which put functionally limited
versions of their software on the network require a customer
to send in payment for the software before the
customer is sent a fully functional version. These companies
must maintain a stock of packaged software, exactly the
problem that a network-based distribution method attempts
to solve.

Companies which put a time limit or other restrictions on 
their software require the customer to pay for a license 
before the customer is sent a "key code". The key code is 
entered into the program, which then unlocks any restric- 
tions. The problem associated with this scheme is that the 
same key code can be used for any copy of the software, so 
multiple individuals can unlock their respective copies of the 
software by simply purchasing one license and distributing 
the received key code amongst themselves. 

Thus, it would be preferable to have a software distribution
scheme that overcomes the problems associated with
these methods.

SUMMARY OF THE INVENTION 

A method including the steps of receiving a registration 
identifier for a client; generating a registration key based on 
the registration identifier; and transmitting the registration 
key to the client. 

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a client system and a vendor 
system configured in accordance to a preferred embodiment 
of the present invention. 

FIG. 2 is a flow diagram of the operation of the client
system for initiating a request for registration of a software
license.

FIG. 3 is a flow diagram of the operation of the server
system in receiving the request of the client system and
generating a registration key for the software on the client
system.

FIG. 4 is a flow diagram of the operation of the client
system after it has received the registration key for the
software.

DETAILED DESCRIPTION OF THE
INVENTION

The present invention provides a method and apparatus 
for distributing software licenses. For purposes of 
explanation, specific embodiments are set forth to provide a 
thorough understanding of the present invention. However, 
it will be understood by one skilled in the art, from reading
this disclosure, that the invention may be practiced without 
these details. Further, although the present invention is 
described through the use of software distribution over the 
Internet, most, if not all, aspects of the invention apply to
software distribution in general. Moreover, well-known 
elements, devices, process steps and the like are not set forth 
in detail in order to avoid obscuring the present invention. 

Through the use of public key cryptography, one-way 
hash functions and unique machine identification, software 
registration is provided which is individualized to a particular
computer. Thus, software registration is "locked-in" to a
particular computer and cannot be used on another
computer — preventing the sharing of key codes.

In order to describe this system of software distribution,
explanation is first provided below for public key 
cryptography, one-way hash functions and unique machine 
identification. 
Public Key Cryptography 

Public key cryptography provides the ability for two
parties to send information securely between themselves.
Unlike symmetrical cryptography, which requires a shared
secret key, public key cryptography uses one key, a "public"
key, to encode information and another complementary key,
a "private key" to decode encrypted information. The security
of the system lies in the method used to create the key
pair and the belief that it is very difficult to determine the
private key from the public key.

In use, a user publishes the public key and keeps the
private key secret. Parties wishing to send a message to the
user encrypt the message with the user's published public
key and send it to the user. Upon receiving the encrypted
message, the user decrypts the message with the user's
private key, thereby recovering the original message.

The user can also "sign" a document by using the user's
private key. The user would encrypt the message with the
private key, and other parties would decrypt the message
with the user's public key. Only documents encrypted with
the user's private key will be intelligible when decrypted
with the user's public key.

Mathematically, encryption is represented by:

and decryption is:

where M is the original message, C is the encrypted
message, k1 is the public key, k2 is the private key, E( ) is the
encryption function and D( ) is the decryption function. For
signing of documents, the keys used would be reversed.
One-Way Hash Functions

A one-way hash function is a function which cannot be
easily reversed. Specifically, given an input, an output is
easy to generate, but given the output, the input is practically
impossible to reconstruct. Also, given an output, it is
very difficult to generate input data which hashes to the
output value. One-way hash functions can output more, less,
or the same amount of information (e.g., number of bits)
from a given input. To be useful, the hash function should
return practically unique values for a given input. Usually,
the hash values have less information than the input data.

One-way hash functions are useful in constructing "signatures"
of documents. For example, if user A has a
document, and user B wants to prove to user A that he has
the same document, user B can run an agreed upon one-way
hash function and send the result to user A, who can run the
same one-way hash function and compare hash values. If
they match, user A has strong evidence that user B has a
copy of the same document.

Mathematically, the hash function is represented by:

S = H(M)

where M is the original message, H( ) is the one-way hash
function, and S is the signature of the message.

Unique Machine Identification

Modern operating systems support remote procedure calls
(RPC), which requires a unique method of identifying each
machine on a network. Thus, most operating systems
include a way of generating universal unique identifiers
(UUID), which are unique in time and space. These UUID's
have a well defined layout and have preallocated portions for
location information, time information, and user defined
information. Every UUID created on a particular machine
will have the same values for the location bits. Therefore,
these bits can be used to uniquely identify a particular
machine.

Software Registration

FIG. 1 is a block diagram of a client system 50 and a
vendor system 80 configured in accordance with one
embodiment of the present invention.

Client 50 contains a CPU 52, which is a general purpose
processor, coupled to a network adapter 54. Also coupled to
network adapter 54 and CPU 52 is a memory 56, which
stores the data and procedures which CPU 52 uses to
operate.

Memory 56 of client system 50 contains a machine unique
identifier U 58; a hash function H(U) 60; a public key Kp 62;
an encryption procedure E_k( ) 64; a decryption procedure
D_k( ) 66; a registration storage unit 68; an equality test
procedure 70 and software 72.

As discussed above, machine unique identifier U 58 is a
number that is unique to client system 50, and the size of
machine unique identifier U 58 can be of any length, as
generated by client system 50.

Also, as discussed above, encryption procedure E_k( ) 64
and decryption procedure D_k( ) 66 are used to encrypt and
decrypt, respectively, messages which are received from
vendor system 80.

Public key Kp 62 is used with encryption procedure E_k( ) 64
to create an encrypted version of a one-way hashed machine
unique identifier U 58, as described below. Public key Kp 62
is also used with decryption procedure D_k( ) 66 to authenticate
any registration keys received from vendor system 80.

Registration storage unit 68 is used to store the registration
key received from vendor system 80 for enabling
features of software 72.

Equality test procedure 70 is used to verify that the
decrypted version of the registration key stored in registration
storage unit 68 is equivalent to the one-way hashed
version of machine unique identifier (U) 58, as generated by
hash function H(U) 60. Equality test procedure 70 is
inter[illegible] functionality of
software 72 based on the output of equality test procedure
70, as discussed below.

Continuing to refer to FIG. 1, vendor system 80 contains
a network adapter 82 which is used to communicate with
network adapter 54 of client system 50 through a network
96. Network 96 can be a general purpose network such as the
Internet or a local-area-network containing two or more
systems.

Vendor system 80 also contains a CPU 84, which can be
a general purpose processor, coupled to network adapter 82.
It is to be noted that CPU 84 and CPU 52 of client system
50 can also be custom integrated circuits.

Coupled to network adapter 82 and CPU 84 is a
memory 86. Memory 86 of vendor system and memory 56
of client system 50 can also be general purpose data storage
devices or custom data storage devices such as integrated
circuits and can be built into CPU 84 of vendor system 80
and CPU 52 of client system 50, respectively.

Memory 86 of vendor system 80 contains a decryption
procedure D_k( ) 88; a registration number generator 90; an
encryption procedure E_k( ) 92, and secret key 94.

Decryption procedure 88 is functionally equivalent
to decryption procedure D_k( ) 66 of client system 50.
Similarly, encryption procedure E_k( ) 92 is functionally similar
to encryption procedure E_k( ) 64 of client system 50.
However, vendor system 80 will use secret key Ks 94 and
decryption procedure D_k( ) 88 to decrypt the messages generated
by encryption procedure E_k( ) 64 of client system 50
(client system 50 using public key Kp). Also, vendor system
80 will use secret key Ks 94 in encryption procedure E_k( ) 92
to authenticate messages which are sent to decryption procedure
D_k( ) 66 of client system 50.

Registration number generator 90 is used to verify user
payment information CC which is received from client
system 50. Once payment is made, registration number
generator will allow vendor system 80 to generate a registration
key.

A first dotted line 97 is used to logically represent the
sending of data from encryption procedure E_k( ) 64 of client
system 50 to decryption procedure D_k( ) of vendor system
80, while a second dotted line 98 is used to logically
represent the sending of encryption procedure E_k( ) 92 of
vendor system 80 to registration storage unit 68 of client
system 50. The actual data is sent over network 96 through
the use of network adapter 54 and network adapter 82.

It is to be noted that although software 70 is shown to be
a separate functional block in FIG. 1, in alternate
embodiments, software 70 contains any combination of the
functional and storage elements contained in memory 56 of
client system 50.

FIG. 2 is a flow diagram of the operation of the software
registration system, as shown in FIG. 1, where the user
[illegible].

In block 100, client system 50 first determines machine
unique identifier U 58. As noted above, machine unique
identifier U 58 is used to uniquely identify client system 50
and is generated by using a built-in function of the operating
system. After machine unique identifier U 58 is determined,
client system 50 creates a one-way hashed version of
machine unique identifier U using hash function H(U) 60.

The generation of the one-way hashed version of the
machine unique identifier in block 100 provides a practically
unique registration code which does not allow the vendor
access to any sensitive machine information, such as the
network card ID number. The use of one-way hash function
H(U) allows the registration identifier to be a fixed size,
independent of how many bits of information are available
in machine unique identifier U 58. A fixed size registration
identifier is useful for multi-platform products as each type
of platform may have a different number of location specific
bits in the UUID.

In block 102, client system 50 receives user payment and
other transaction specific information (CC). This is information
appended to the one-way hashed version of the
machine unique identifier and is whatever transaction specific
information the vendor requires, such as the user's
name and credit card number.

In block 104, client system 50 generates a registration
identifier R by using this formula:

M = H(U) + CC
R = E_{k_p}(M)

where H( ) is hash function 60; U is machine unique
identifier 58; CC is private, transaction specific information,
such as the user's name and credit card number; M is the
one-way hashed machine unique identifier with private user
data appended (i.e., the "message"); E_k( ) is encryption
procedure 64; k_p is the published, public key 62; and R is the
generated registration identifier. As this information is
encrypted using the published public key (Kp), it can only
be decrypted and read by vendor system 80 with the private
key (Ks).

In block 106, the registration identifier (R) is transmitted
to vendor system 80. This can be done automatically by
software 72, which is contained on client system 50 over the
Internet, or a text representation of the registration identifier
(R) can be generated and sent to the vendor to be processed
on vendor system 80.

As described, the information contained in registration
identifier (R) is encrypted before it is transmitted, so it can
be transmitted using any method, either securely or non-securely.

FIG. 3 illustrates the operation of vendor system 80 where
the client system 50 has transmitted registration identifier
(R).

In block 110, vendor system 80, upon receiving the
registration identifier (R), computes:

M = D_{k_s}(R)
H(U) + CC = M

where R is the registration code; M is the one-way hashed
machine identifier with private user data appended, recovered
by decrypting R (this is split into two parts to recover
H(U) and CC); D_k( ) is decryption procedure 88; and k_s is
the secret, private key 94.

In block 112, the private user information (CC) is used to
verify payment for the software. This verification can be as
simple as processing a credit card transaction or verifying
that the user has sent in payment.

In block 114, after payment is received, vendor system 80
will generate:

T = E_{k_s}(H(U))

where E_k( ) is encryption procedure 92 and T is the generated
registration key.

It is to be noted that as registration key (T) is based on a
machine identifier which is unique for client system 50, even
if registration key (T) is compromised, it could not be used
for another machine.

In block 116, vendor system 80 will transmit registration
key (T) to client system 50. As stated above, as registration
key (T) is an encrypted value of the one-way hashed value
of machine unique identifier U 58, registration key (T) can
be transmitted using any means, whether it is secure or
unsecure.

Further, as registration key (T) is specific for client system
50 and cannot be used by another system, the security of the
key system can be compromised and the protection provided
by the system would still remain.

FIG. 4 illustrates the operation of client system 50 after
client system 50 has received registration key (T).

In block 120, client system 50 will store registration key
(T) in registration storage unit 68 so that it can be accessed
when needed. When software 72 needs to expose or hide
functionality based on the registration status, the current key
is loaded from this location, decrypted, and checked for
correctness as discussed in block 122. Also, the next time
software 72 runs or needs to decide if software 72 is a
registered copy, client system 50 will go to block 122.

In block 122, equality test procedure 70 of client system
50 will determine if registration key (T) comes from vendor
system 80 by checking to see if the following holds true:

D_{k_p}(T) = H(U)

where: D_k( ) is decryption procedure 88; k_p is the published,
public key 62; H( ) is the one-way hash function 60; U is
machine unique identifier 58; and T is the registration key.

If the equality holds true, then operation will continue
with block 124. Otherwise, operation will continue with
block 126.

In block 124, client system 50 will allow any functionality
in software 72 that was previously disabled.

In block 126, as client system 50 has detected that
registration key (T) is not received from vendor system 80
or is not valid, any functionality of software 72 that is not
accessible to non-paid users remains locked or hidden.

It is to be noted that any public key cryptography algorithm
that can transmit arbitrary messages will work in the
system. However, the security of the system is only as secure
as the cryptography algorithm. For public key cryptography
systems, security increases as more bits are added to the key
(i.e., the key length is increased). In a preferred embodiment,
the key length is at least 512 bits.

In order to prevent an attacker from trying to break the
licensing scheme by modifying the executable code containing
the check which disables functionality, several alternate
embodiments are proposed.

First, all debug information should be removed from any
executable before distribution. This makes it harder for the
attacker to follow the flow of control which checks the
registration code.

Second, [illegible]
existence of a correct registration key (T). This makes it
[illegible] registration checks.

Third, the registration checking code can be obfuscated,
[illegible]
complicated enough that it would be more cost effective to
just license the software legally.

Fourth, for even more security, the software itself could be
encrypted with the private key and loaded, decrypted and
run using a second loader program. This method would be
secure against all but the dumping of the binary image of the
running executable out to a disk file and reconstructing an
executable program file from a binary image.

For maximum security, the operating system (OS) itself
could be enhanced to only execute encrypted executable
files. The OS would be shipped with the decryption key, but
the encryption key would remain secret. To execute a
program, it would have to be decrypted by the internal OS
key. Since only the OS manufacturer would have the encryp- 
tion key, only programs encrypted by the OS manufacturer 
could be run. Obviously, this level of security would affect 
the way that software could be written and used. However 
some usage models, such as game machines where most 
software comes from one manufacturer and no software is 
written on the executing machine itself, could use this 
security method. 

In one alternate embodiment, time-limited licenses can be 
granted. Instead of simply decrypting and re-encrypting the 
unique machine identifier, an expiration date is added to the 
message. When client system 50 checks registration key (T), 
client system 50 also decrypts the expiration date and checks 
if the license has expired. 

In the alternate embodiment, the following functions
would be used on vendor system 80:



H(U) + CC = M
T = E_{k_s}(H(U) + V)

Where: R is the registration code; M is the one-way hashed
machine identifier with private user data appended, recovered
by decrypting R (this is split into two parts to recover
H(U) and CC); V is the expiration date; E_k( ) is the
encryption procedure; D_k( ) is the decryption procedure; k_s
is the secret, private key; and, T is the generated registration
key.

In addition, on client system 50, the following function 
would be used: 



and, 

V has not expired, where: D_k( ) is the decryption procedure;
k_p is the published, public key; H( ) is the one-way
hash function; U is the machine unique identifier; T is the
registration key; K is the machine identifier portion of the
decrypted registration key; and V is the expiration date
portion of the decrypted registration key.
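
The registration exchange of FIGS. 2-4 and the time-limited variant above, written out as an added Python example (not code from the patent). SHA-256 as H( ), the fixed demonstration key built from two Mersenne primes, the 0x01 length marker, the YYYYMMDD encoding of V, and all function names are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed demo key pair (not from the patent): two Mersenne primes give a
# fixed 1128-bit modulus so the run is deterministic. E_k( )/D_k( ) are unpadded
# RSA, mirroring the text's notation; a deployed design needs a padded scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
K_P = 65537                                # published public exponent
K_S = pow(K_P, -1, (P - 1) * (Q - 1))      # vendor's secret exponent
HASH_LEN = 32                              # SHA-256 as H( ) is an assumption
DATE_LEN = 8                               # V encoded as ASCII YYYYMMDD (assumption)


def H(machine_id: bytes) -> bytes:
    """One-way hash H(U) of the machine unique identifier."""
    return hashlib.sha256(machine_id).digest()


def _apply(data: bytes, exponent: int) -> int:
    """E_k(data): a leading 0x01 marker preserves leading zero bytes of H(U)."""
    m = int.from_bytes(b"\x01" + data, "big")
    if m >= N:
        raise ValueError("message too long for the modulus")
    return pow(m, exponent, N)


def _recover(value: int, exponent: int):
    """D_k(value): returns the bytes, or None if the marker is missing."""
    m = pow(value, exponent, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[1:] if raw[:1] == b"\x01" else None


def client_make_identifier(machine_id: bytes, cc: bytes) -> int:
    """Blocks 100-104: M = H(U) + CC, R = E_kp(M)."""
    return _apply(H(machine_id) + cc, K_P)


def vendor_issue_key(r: int, payment_ok, expiry: bytes = b""):
    """Blocks 110-114: M = D_ks(R), split M, verify payment, T = E_ks(H(U) [+ V])."""
    if expiry and len(expiry) != DATE_LEN:
        raise ValueError("expiry must be YYYYMMDD")
    m = _recover(r, K_S)
    if m is None or len(m) < HASH_LEN:
        return None                        # not a well-formed registration identifier
    hashed_id, cc = m[:HASH_LEN], m[HASH_LEN:]
    if not payment_ok(cc):
        return None                        # block 112 failed: no key is generated
    return _apply(hashed_id + expiry, K_S)


def client_check_key(t: int, machine_id: bytes, today: bytes) -> bool:
    """Block 122: enable only if D_kp(T) == H(U) and V, when present, has not expired."""
    payload = _recover(t, K_P)
    if payload is None or len(payload) not in (HASH_LEN, HASH_LEN + DATE_LEN):
        return False                       # tampered key or wrong signer
    hashed_id, v = payload[:HASH_LEN], payload[HASH_LEN:]
    if not hmac.compare_digest(hashed_id, H(machine_id)):
        return False                       # key was issued for a different machine
    return not v or today <= v             # YYYYMMDD bytes sort in date order


def demo() -> dict:
    machine_a = b"node-00:11:22:33:44:55"  # constructed machine identifiers
    machine_b = b"node-66:77:88:99:aa:bb"
    cc = b"Alice Example|CARD-TEST-0000"   # constructed payment data
    paid = lambda data: data == cc         # stand-in for real payment processing
    r = client_make_identifier(machine_a, cc)
    t = vendor_issue_key(r, paid)
    t_limited = vendor_issue_key(r, paid, expiry=b"20300101")
    return {
        "same_machine": client_check_key(t, machine_a, b"20250101"),
        "key_shared_to_other_machine": client_check_key(t, machine_b, b"20250101"),
        "tampered_key": client_check_key(t ^ 1, machine_a, b"20250101"),
        "before_expiry": client_check_key(t_limited, machine_a, b"20291231"),
        "after_expiry": client_check_key(t_limited, machine_a, b"20300102"),
        "unpaid": vendor_issue_key(r, lambda data: False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The key issued for one machine fails the block 122 comparison on any other machine, which is the property the scheme relies on; the check itself still runs on the client, so its strength depends on the code-integrity measures listed earlier.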

It is to be noted that the unique identifier does not have to 
be hashed before being transmitted. In addition, no private 
information has to be appended for payment purposes. In 
another alternate embodiment, only the unique identifier is 
transmitted. 

In yet another alternate embodiment, the unique identifier, 
U, is not machine specific but specific in another way, such 
as user or binary specific. A software distribution site could 
be set up to download executables that are identical except 
for an internal identifier. 

Alternatively, the software could be distributed with an 
installation program that set the executable's internal unique 
ID to some time or location specific value. Each user would 
get an equivalent binary file that required a different regis- 
tration key, but the registration process and key verification 
would be exactly as in the basic system. This would allow 
a user to install the software on multiple machines but not 
share the registration key with other users. If the unique 
identifier could be something person specific, such as a 
fingerprint, a voice print, or a handwriting signature, this 
alternate embodiment could be very attractive. 
and a check performed to determine if the two following
conditions hold true: 

Using electronic "money", the entire process could be
automated. A Web server could process the payment with the
registration identifier and send the registration key back to
the user (all over a secure channel such as Secure Socket
Layer) within a single transaction.

While the present invention has been particularly 
described with reference to the various figures, it should be 
understood that the figures are for illustration only and 
should not be taken as limiting the scope of the invention. 
Many changes and modifications may be made to the 
invention, by one having ordinary skill in the art, without 
departing from the spirit and scope of the invention. 

What is claimed is: 

1. A method comprising: 

receiving an encrypted registration identifier for a client, 
said registration identifier contains an one-way hashed 
value of a machine unique identifier for said client, said 
registration identifier being encrypted using a public 
key; 

decrypting said registration identifier using a private key 

that is matched to said public key to retrieve the 

one-way hashed value; 
generating a registration key based on said registration 

identifier by encrypting the retrieved one-way hashed 

value; and 

transmitting said registration key to said client. 

2. The method of claim 1 wherein said registration 
identifier further contains user payment information. 

3. The method of claim 2, further comprising decrypting 
said registration identifier to retrieve said user payment 
information. 

4. The method of claim 3, further comprising verifying 
payment using said user payment information. 

5. The method of claim 1 further comprising retrieving the 
one-way hashed value from said registration key by the 
client; and 

comparing the client retrieved one-way hashed value to a 
client generated one-way hashed value. 

6. The method of claim 1, wherein said generating further 
comprises encrypting the one-way hashed value along with 
an expiration time indicator. 

7. A method comprising: 
determining a machine unique identifier; 

generating an one-way hashed value of said machine 

unique identifier; 
encrypting said one-way hashed value of said machine 

unique identifier to generate a registration identifier 

using a public key of a server; 
transmitting said registration identifier to said server; 
receiving a registration key from the server, the registra- 
tion key contains an encrypted form of the one-way 

hashed value retrieved by the server; 
retrieving by a client the one-way hashed value from the 

registration key; and 
comparing the client retrieved one-way hashed value to a 

client-generated one-hashed value. 

8. A method comprising: 
receiving a registration key; 

storing said registration key in memory; 

retrieving a one-way hashed value of a machine unique 

identifier from said registration key; 
generating a one-way hashed value of a machine unique 

identifier from said client;
comparing said retrieved one-way hashed value of said 

machine unique identifier with said generated one-way 

hashed value of said machine unique identifier; and
providing a software enable signal only if said retrieved
one-way hashed value of said machine unique identifier
is equal to said generated one-way hashed value of said
machine unique identifier.

9. The method of claim 8, further comprising: 
retrieving an expiration time indicator from said registra- 
tion key; and, 

eliminating the provision of said software enable signal if 
said expiration time indicator indicates that said regis- 
tration key has expired. 

10. An apparatus comprising: 
a processor; 

a memory coupled to said processor and configured with 
instructions to cause said processor to: 

receive an encrypted registration identifier for a client, 
said registration identifier contains an one-way hashed 
value of a machine unique identifier for said client, said 
registration identifier being encrypted using a public 
key; 

decrypt said registration identifier using a private key that
is matched to said public key, to retrieve the one-way 
hashed value; 

generate a registration key based on said registration 
identifier by encrypting the one-way hashed value 
retrieved from said registration identifier; and, 

transmit said registration key to said client. 

11. The apparatus of claim 10, wherein said registration 
identifier contains an one-way hashed value of a machine 
unique identifier for said client. 

12. The apparatus of claim 10 wherein said registration 
identifier further contains user payment information. 

13. The apparatus of claim 12, where said memory 
contains further instructions configured to cause said pro- 
cessor to decrypt said registration identifier to retrieve said 
user payment information. 

14. The apparatus of claim 13 where said memory con- 
tains further instructions configured to cause said processor 
to verify payment using said user payment information. 

15. The apparatus of claim 10, where, to generate said 
registration key based on said registration identifier, said 
memory contains further instructions configured to cause 
said processor to encrypt the retrieved one-way hashed value 
along with an expiration time indicator. 

16. An article of manufacture comprising: 

a machine-readable medium having instructions which,
when executed by a machine, cause the machine to 

receive an encrypted registration identifier for a client, 
said registration identifier contains a one-way hashed 
value of a machine unique identifier for said client, said 
registration identifier being encrypted using a public 
key;

decrypt said registration identifier using a private key that
is matched to said public key to retrieve the one-way 
hashed value; 

generate a registration key based on said registration 
identifier by encrypting the retrieved one-way hashed 
value into the registration key; and 

transmit said registration key to said client after verifying 
payment. 

17. The article of manufacture of claim 16 wherein the 
machine-readable medium includes further instructions 
which cause the machine to process a user payment, based 
upon user payment information retrieved from the registra- 
tion identifier, before transmitting the registration key. 

18. The article of manufacture of claim 17 wherein the 
machine readable medium includes further instructions 
which cause the machine to include an expiration time 
indicator when generating the registration key. 

19. An article of manufacture comprising: 

a machine-readable medium having instructions which, 
when executed by a client machine, cause the machine 
to 

(a) determine a machine unique identifier for said 
machine; 

(b) generate a one-way hashed value of said machine 
unique identifier; 

(c) encrypt said one-way hashed value to generate a 
registration identifier using a public key of a server; 

(d) transmit said registration identifier to said server; 

(e) receive a registration key from the server, the regis- 
tration key contains an encrypted form of the one-way 
hashed value; 

(f) retrieve the one-way hashed value from the registration 
key; 

(g) determine a machine unique identifier for said 
machine and generate a one-way hashed value thereof; 
and 

(h) compare the retrieved one-way hashed value in (f) to 
the one-way hashed value in (g). 

20. The article of manufacture of claim 19 wherein the 
machine-readable medium includes further instructions 
which cause the machine to provide a software enable signal 
only if the comparison in (h) indicates that the one-hashed 
value retrieved in (f) is equal to the one generated in (g). 

21. The article of manufacture of claim 20 wherein the 
machine-readable medium includes further instructions 
which cause the machine to retrieve an expiration time 
indicator from the registration key, and not provide the 
enable signal if the expiration time indicator indicates that 
the registration key has expired. 
[57] ABSTRACT

A method for performing electronic transactions, comprising 
receiving a long-term certificate, authenticating a user asso- 
ciated with the long-term certificate, and then sending a 
short-term certificate to the authenticated user. In addition, 
risk associated with the user can be evaluated, and this risk 
information, as well as other information, can be included in 
the short-term certificate. 
METHOD AND APPARATUS USING DIGITAL CREDENTIALS AND OTHER ELECTRONIC CERTIFICATES FOR ELECTRONIC TRANSACTIONS

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority to Provisional application Ser. No. 60/060,643, filed on Oct. 1, 1997.

FIELD OF THE INVENTION

The present invention relates to digital credentials and other electronic certificates. More particularly, the present invention relates to a service for using digital credentials and other electronic certificates to practice commerce on a network.

BACKGROUND OF THE INVENTION

To exercise certain rights and privileges, people need to possess or show various types of credentials. Credentials are certificates such as birth certificates, Social Security Cards, driver's licenses, membership cards, admission badges, charge cards, and the like that represent some certified assertion about a person. In the case of a driver's license, an officer of the state certifies that a specific person is licensed to drive a vehicle. A charge card represents an assertion, certified by some bank or other organization, that a person has a charge account at that bank. Companies issue credentials for their employees, usually in the form of ID badges. Generally, the certificate will include some means of identifying to whom the assertion applies (the holder or subject of the credential), and who is certifying the assertion (the certifier of the credential, who is often the issuer).

In the case of a driver's license or corporate ID, the holder is typically identified by a photograph and signature specimen laminated to the certificate and the certifier of the credential is usually identified by a logo, layout, and some other means such as a hologram.

With the advent of electronic commerce, standard credentials have become insufficient, and the need for digital credentials has become more widespread. Digital credentials are electronic certificates having the property that the assertions about the holder can be interpreted and verified by a computer, the certifier can be reliably recognized by a computer, and the holder's present intention to use the credentials can be recognized by a computer (often remotely, through a network). Digital credentials can use a cryptographic mechanism known as a digital signature. An electronic document can be signed by applying a cryptographic secret key controlled by the signer. A signature can be verified using public information (known as the public key). The verification process can use the public key to verify that the signer's secret key was used to sign the document. The science of public key cryptography enables this.

Examples of digital credentials are automatic teller machine (ATM) or bank cards. As opposed to other types of certificates mentioned earlier, these are not usually presented to people for verification. They are normally presented to an ATM and ultimately to a specialized computer network. The relevant information regarding the certifier is digitally encoded on a magnetic strip and the cardholder is identified by a Personal Identity Number or PIN. Furthermore, the holder's present intention to apply the rights asserted by the credential (such as withdrawing money) is signified by the holder's entry of the PIN. This ATM card allows the holder to use electronic banking over specialized digital networks. The present form of digital credentials, however, can support only a minimal variety of services over specialized and non-specialized networks such as the Internet.

Present ways of using digital credentials (using PINs and passwords) are notoriously insecure, very user-unfriendly, and generally inadequate for electronic commerce. For [...] paper records auditable PINs and passwords are not very useful for this purpose. In particular, they do not have persistent properties as signatures do. For example, one can directly verify a signature post-hoc, but PINs and passwords can be verified only at time of use. The certified digital signature can substitute for a hand-written signature.

The importance of digital credentials is rapidly increasing because networks are becoming more open and public. Whereas a person's identity on a closed network is known [...] system, and privileges can be determined by database look-ups, such is not the case on the Internet, for example.

Digitally-signed certificates have been used in electronic payment systems that have arisen over the past five years or so. At least three distinct types of payment systems exist, each of which differs from the current invention in significant ways. The three systems are referred to as e-check, e-charge, and e-cash.

e-check is designed to function in a way similar to the way paper checks function. While a paper check is a signed request for a bank to pay a given amount from the payer's account to the party that is named on the check (the payee), an e-check is a message requesting the same procedure, but it is electronically signed by the payer. The electronic signature certifies, as in the case of a paper check, that the user attests to the payment request and to the specifics of the payee and the amount. With a paper check, the payee has the option of verifying the identity of the payer in person, often demanding one or more alternate methods of payer identification, or the payee can sometimes wait until the check "clears" before providing value in return for the check. Clearing means that the payee's bank receives payment from the payer's bank. With an e-check system, the payee can also wait until the check clears from the payer's bank, or the payee can accept the legitimacy of the payer's digital signature by checking the certificate that the payer's bank issues to the payer which certifies the payer's signing key. In the latter case, the payee risks the possibility that the digital signature certificate has been revoked. This risk is reduced when the payee checks an electronic "Certificate Revocation List" or CRL. Nonetheless, the residual risk exists that the CRL is not up to date. Additionally, the traditional risk exists that the payer's account may have insufficient funds, and the e-check will not clear.

E-checks use the same clearing system and clearing networks used by paper checks. The systems and networks are relatively expensive to use, and when one adds the cost of administering CRLs and the cost of processing e-checks returned for insufficient funds, the use of e-checks for relatively small payments of a few dollars or less is not cost effective. In the present invention, these inefficiencies are addressed by reducing the dependency on CRLs, and by use of a novel approach to risk management, integrating risk management parameters directly into a certificate.

Another use of digital certificates in payment systems is illustrated by the Secure Electronic Transaction ("SET") standard that has been proposed by MasterCard and Visa. SET describes a relatively complex mechanism for making
a payment using certificates within the current credit card payment support infrastructure. A number of parties exist in SET: the cardholder, the payee (or merchant), the issuing bank, the acquirer (or merchant's bank), the payment gateway, and optionally, "third parties" that represent one or more of the financial institutions involved. In SET, five different parties have certificates. Cardholder certificates function as an electronic representation of the payment card. Merchant certificates function as an electronic substitute for the payment brand decal that appears in a store window. Payment Gateway certificates are used by Acquirers or their processors for the systems that process authorization and capture messages. In addition, Acquirer certificates and Issuer certificates aid in the distribution of Merchant and Issuer certificates, respectively. In general, the various certificates are used to support cryptographic keys that are used to provide credit card transaction messages with security properties such as privacy and authenticity.

SET is, overall, an elaborate scheme that is described in the "SET Secure Electronic Payment Transaction Specification" published by MasterCard and Visa. The certificates involved in SET may need to be revoked for any of a number of reasons such as key compromise, or change of status of the party holding the certificate. In contrast to the present invention, the scheme requires a certificate hierarchy, on-line verification procedures, and a certificate revocation infrastructure. Transactions require a significant amount of computation by multiple parties to complete.

Another use of digital certificates in payment systems is illustrated in electronic cash (e-cash) systems where cash is either represented by digital bearer certificates or by "value registers" in smart cards. In the case of digital bearer certificates, a digital signature is applied to an assertion that the certificate may be redeemed for a certain amount of cash at a certain bank or financial institution. A bank will issue certificates that can be used to verify the authenticity of the signature on the bearer certificate. Because digital bearer certificates can be freely copied, a risk exists that users will attempt to repeatedly use the same certificate. Therefore, risk management measures must be employed to ensure that each certificate is spent precisely once. Typically, either a smart card is used to contain the certificates and to participate in a two party protocol that marks certificates as used, or a network-based mechanism may be employed that records each certificate as it is used, and allows any payee to see if the certificate tendered is being used for the first time.

In the case of value registers in smart cards, certificates are used to certify the keys used to verify the digital signatures on messages that are exchanged between two software applications running on the smart cards. For example, a payer's smart card debits its value register (or current cash balance), and signs and sends a message affirming the act to the payee. The payee, upon receiving the message affirming the debit, can check the signature on the certificate and verify the signature on the message.

Multiple risks exist in this system as well. In particular, the credit and debit operations must be encapsulated within smart cards or some other physically secure containers that must be distributed and maintained. In addition, should the certificates be compromised, counterfeit e-cash can be produced that is indistinguishable from e-cash that is issued by a legitimate originator. Should the physical container of a card be compromised, then clones of that card could be created that never debit their balances but nonetheless dispense e-cash acceptable to other cards. These are called "golden goose" cards. Thus, this type of e-cash, as a payment system, requires significant risk management measures. Another difficulty associated with this payment scheme has to do with recovery from errors. A communication error can literally destroy value. For example, if one smart card sends a signed message "I have debited my value register by $20" to another smart card, yet the second smart card does not receive that message intact, no credit will be [...] A support structure to make amends for [...] required.

The shortcomings with the prior art involve the difficulty in using credentials that have been distributed electronically [...] distributed system that lacks a reasonable means [...] or update the credentials. For example, assume [...] holds a digital credential that authorizes the holder to [...] credit card). To use this credential, one must go to a central database to re-verify each time the credential is used.

Within the known systems, risk management measures [...] to properly support payment systems, and [...] against fraud. Yet the known systems do not contain an efficient way in which risk management is integrated into the payment system.

SUMMARY OF THE INVENTION

The present invention relates to a method and apparatus for using digital credentials, or certificates, to facilitate commerce on a network. In one embodiment of this invention, a party wishing to act as guarantor of a transaction would receive long-term certificates from a consumer after the consumer logs into the network. The guarantor analyzes the long-term certificates, at least to verify the identity of the consumer. The guarantor, after being satisfied with the information presented, supplies short-term certificates containing assertions based on information from the above analyses. The short-term certificates can then be used to purchase goods from participating merchants on a network. In another embodiment, merchants use the short-term certificates to verify terms and conditions under which a given consumer can be billed through the guarantor. The short-term certificates also certify the cryptographic public keys of consumers that are used to digitally sign statements requesting merchants to bill for goods and services purchased through the guarantor. Billing records associated with purchases are forwarded to the guarantor or his agent, whereby the records are sorted by consumer identity and used to construct periodic statements containing many billing records that are made available to consumers who can make a single payment. Detailed information about the purchases is thus provided to the guarantor who then helps merchants market goods accordingly. The billing records may contain digitally signed statements by consumers directing the merchant to bill through the guarantor.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system-level block diagram of an embodiment of the present invention.

FIG. 2 is a flow chart of an embodiment of a method of the present invention.

FIG. 3 illustrates an embodiment of an apparatus and system in accordance with the present invention.

DETAILED DESCRIPTION

The present invention is directed to ways of using digital credentials and other electronic certificates to practice commerce over a network. The purpose is to run a relatively convenient and efficient system using a combination of both long-term and short-term certificates.

Long-term certificates, as defined here, are certificates that contain information or make an assertion that is not expected to change over some long period of time. For example, long-term certificates can be used to represent a person's identity. Revocation of long-term certificates is not necessary on any large scale because the information contained in long-term certificates is relatively static and [...]

Short-term certificates, on the other hand, hold information or make assertions that may rapidly change, and therefore are designed to expire after some relatively short period of time. For example, short-term certificates may contain information about a person's credit history, shopping history, or information about the short-term certificate's maximum value as currency. Short-term certificates may make assertions about what a person is authorized to do, or about agreements that they may have with other parties.

The validity of the short-term credentials can be based on an individual's identity. For example, when a person logs into a system, the person uses some means to verify identity (using long-term credentials, for example), and then the system supplies short-term credentials which say, for example, that the client is authorized to charge for commerce on the world wide web for purchases the amount of which is not to exceed some fixed amount. Typically the short-term credential can also certify cryptographic keys that can be used for digital signatures that affirm a person's agreement with a contract. In addition, the short-term credential might contain the semantics attributed to the use of the person's digital signature as well as statements of limitations of liability.

Referring now in detail to the drawings, FIG. 1 illustrates a system-level embodiment of the present invention. In this system, Customer Client 104 desires to purchase goods or services from Merchant 105. To do this, Customer Client 104 needs to present to Merchant 105 a form of payment that will be accepted by Merchant 105. In anticipation of this, Client 104 may present a long-term certificate to a certifier to access a certificate of payment called a short-term certificate.

The long-term certificate can be certified through known encryption techniques. The certifier is typically, for example, an internet service provider, bank, or any entity designed to certify credentials. The long-term certificate contains, at the very least, information that verifies the identity of Customer Client 104. The long-term certificate may contain other information desired by the certifier. Once the certifier is satisfied by Customer Client 104's long-term certificate information, the certifier sends Customer Client 104 one or more short-term certificates from the short-term certificate database 103.

Short-term certificates are digital in form, and contain information stating, at least, that the certifier guaranties payment up to a certain amount of value. In addition, the short-term certificate can contain marketing information. For example, a short-term certificate can tell a participating merchant that goods and services may be charged by the client named in the certificate to a specific account, through an agreed-upon channel, for up to the amount of $20. In addition, the short-term certificate may contain information that instructs Merchant 105 to apply a 20% discount to the cost of the goods supplied to the bearer of this short-term certificate. Upon receiving a short-term certificate, Merchant 105 can send an optional query to the short-term database for various reasons such as double-checking the certificate's validity in the case when the purchase amount exceeds some threshold stated in the short-term certificate. The short-term certificates are short term in the sense that they contain information or make assertions based on information that [...] For example, a certifier may supply a short-term certificate to Customer Client 104 that guaranties that the Client can charge to an account the purchase of any item that costs up to $20, but can only be used within 24 hours after Customer Client 104 receives this certificate.

Merchant 105 and Customer Client 104 consummate a transaction by promising (on the part of Merchant 105) to supply goods or services in exchange for an affirmative indication on the part of the Client that the goods or services can be charged to a billing account maintained in Billing System 106 according to and limited by the information provided by a short-term certificate. Once the short-term certificate is received, and the transaction is completed, the short-term certificate is sent along with an electronic record of a bill of sale through agreed-upon channels for payment from the certifier, or guarantor.

The above-mentioned agreed-upon channels, called Billing System 106, collect billing records, and their corresponding short-term certificates and renders them for payment. In addition to serving as a conduit for payment, the billing system may supply information to various subsystems that serve to analyze information about the transaction. The Transaction Analysis 107 collects details of the transaction. The Transaction Analysis 107 correlates different types of purchases with different demographics of this particular Customer Client 104, and then determines what offers might be made to this particular consumer. The purpose of the transaction analysis is to determine patterns of consumer behavior so that some action may be taken. For example, Customer Client 104 might show a pattern of behavior that would alert the certifier that Customer Client 104 is in the market for an automobile. In other words, transactional information is used to better match marketing with consumer-behavior information.

Once the transactional analysis is complete, the results are used in Offer Management 102 to market goods or services to Customer Client 104, possibly by attaching offers to short-term certificates in Short-Term-Certificate Database 103. In this way, a type of high-gain feedback loop is completed, as can be seen in FIG. 1.

In FIG. 1, Offer Management 102 can use information received by Risk Management System 102(a), Loyalty System 102(b), and Market Partners 102(c) to determine what, if any, information should go into the short-term certificates along with any assertions that might be made about terms and conditions, credit limits, discounts, etc. Risk Management System 102(a) can receive information from Billing System 106, thereby keeping data on a particular Customer Client's usage patterns. Risk Management System 106 can then analyze the information supplied by Billing System 106, and alert the certifier as to how much risk should be taken with regard to a particular Customer Client. For example, Risk Management System 102(a) can alert the certifier to change the credit limit, either up or down, for a particular Customer Client. The system also can determine whether or not the recent usage patterns of a person are indicative of fraud or other misuse (that may have resulted from a key management compromise whereby a consumer's identity certificate and secret key have been compromised).
This information passed between Billing System 106, Risk Management System 102(a), and the certifier can be updated and analyzed arbitrarily quickly, possibly on a daily basis. This rapid response obviates the need for use of certificate revocation lists.

Billing System 106 can also supply information to Loyalty System 102(b). Loyalty System 102(b) is a system whereby consumers are rewarded for regular use of a particular merchant. An example of a loyalty system is found in frequent-flier programs. Loyalty System 102(b) can collect and analyze information, and then supply this information to the certifier's Offer Management 102 so the certifier can tailor its marketing through Offer Management 102 accordingly. In particular, the Offer Management process can author assertions to be inserted into the short-term certificates that declare that loyalty points are available to pay for purchases from participating merchants. Such a merchant can thus accept payment ostensibly in loyalty points, but the merchant can be remunerated through the billing system in cash or other consideration upon presentment of a certificate-backed, signed purchase agreement. This system offers an advantage over other loyalty systems because one purpose of a loyalty system is to reinforce good behavior by rewarding the user, and this system can reward the user arbitrarily rapidly.

Market Partners 102(c) can enter into agreements with certifiers to help the certifier tailor its marketing through Offer Management 102. The idea is to capture the value of transactional information without severely impacting the consumer's privacy. Market Partner 102(c) provides information to the system about what Market Partner 102(c) desires in a consumer. This information might be a demographic profile, a consumer-behavior profile, etc. For example, Market Partner 102(c) can tell the certifier that it wishes to target people who are shopping for new cars. Offer Management 102 then correlates the needs of Market Partner 102(c) with the information it contains about the consumer.

FIG. 2 is a flow chart of a process in accordance with an embodiment of the present invention. In its most basic form, long-term certificates, or some other proof of identity are received by the certifier at step 200. At step 201, the certifier then analyzes the information presented in the long-term certificate and then, at step 202, supplies, from a short-term-certificate database, short-term certificates that can be used as instruments to purchase goods from merchants on the network.

In addition to receiving long-term certificates, the certifier may receive, at step 203 information from a billing system, at step 204 information from a market partner, and at step 205 information from a loyalty system.

The short-term certificate can contain a maximum value for which certifier will act as guarantor upon presentment by a merchant. In addition, the short-term certificate can contain information about offers to the consumer, incentive programs, or loyalty programs.

As stated above, various subsystems, such as a risk management system, a loyalty system, or a marketing system can be interposed between the certifier and the merchant. The short-term certificate can contain information reflecting, for example, the risk-management analysis with regard to a consumer, the loyalty-system analysis with regard to a consumer, or the marketing analysis with regard to the consumer. For example, the short-term certificate can contain a limit on the certificate's guaranty limits based on the risk-management analysis; the certificate can contain a number of acquired consumer points based on the loyalty-system analysis; and the certificate can contain offers (including incentives) to the consumer based on the marketing analysis.

When a consumer desires to make a purchase from a participating merchant, he or she presents through the network one or more short-term certificates. The merchant can [...] short-term certificate, and determine any guar[...] alternative methods of [...] discounts or other [...] appropriate adjustments to the consumer's bill of sale. The merchant's final price, terms, and conditions for a sale as part of a bill-of-sale, are forwarded to the consumer, who will indicate acceptance, and make the purchase through some affirmative act (that may be required by a condition stated in the short-term certificate) such as signing the bill of sale with a digital signature whose verification key is certified by the short-term certificate.

Ultimately, the certifier can collect for the goods or services furnished guaranteed by creating a billing record containing references to sending the bill of sale and the short-term certificate obtained from the user, and forwarding [...] billing channel to the [...] associated with a specific user and present them to the user [...] a statement. For example, if the certifier is a telephone company, the telephone company can bill the user for amounts as stated in the short-term certificate by using the user's regular monthly telephone bill.

FIG. 3 shows an embodiment of an apparatus in accordance with the present invention. The apparatus includes processor 301, memory 302 that stores instructions adapted to be executed by processor 301, and port 303 adapted to be connected to a network, with both port 303 and memory 302 coupled to processor 301. Memory includes any medium capable of storing instructions adapted to be executed by a processor. Some examples of such media include, but are not limited to, floppy disks, CDROM, magnetic tape, semiconductor memory, hard drives, and any other device that can store digital information. In one embodiment, the instructions are stored on the medium in a compressed and/or encrypted format. As used herein, the phrase "adapted to be executed by a processor" is meant to encompass instructions stored in a compressed and/or encrypted format, as well as instructions that have to be compiled or installed by an installer before being executed by the processor.

In one embodiment of the present invention, memory 302 stores instructions adapted to be run on processor 301, to receive information, analyze that information, and then supply short-term certificates the character of which depends on the results of the analysis. The information received and analyzed can come from market partners, a billing system, a loyalty system, and from long-term certificates supplied by a consumer.

As explained in detail above the invention increases efficiency and productivity of commerce on a network. By using digital credentials and other digital certificates, micro-billing becomes more feasible by decreasing transaction costs, limiting risk, and allowing for easily updated credentials.

Although various embodiments are specifically illustrated and described herein, it will be appreciated that modifications and variations of the present invention are covered by the above teachings and within the purview of the appended claims without departing from the spirit and intended scope of the invention.
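The issue-and-accept flow of the detailed description, as an added example (not code from the patent): a certifier issues a 24-hour short-term certificate that guarantees up to $20, carries a 20% discount and certifies the consumer's signing key, and a merchant checks it together with a consumer-signed bill of sale. Ed25519, the JSON layout, the $10 database-query threshold, applying the limit to the discounted amount, and all function and field names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Sign a JSON body and carry the exact signed string with its signature, so
// the verifier checks the bytes that were signed before parsing them.
function signBody(fields, privateKey) {
  const body = JSON.stringify(fields);
  const sig = crypto.sign(null, Buffer.from(body), privateKey).toString("base64");
  return { body, sig };
}

function verifyBody(signed, publicKey) {
  return crypto.verify(null, Buffer.from(signed.body), publicKey,
                       Buffer.from(signed.sig, "base64"));
}

// Certifier: issued after the consumer has been authenticated with a
// long-term certificate (steps 200 to 202 in FIG. 2; not modelled here).
function issueShortTermCert(certifierPrivateKey, consumerPublicKey, terms, nowSec) {
  return signBody({
    subject: terms.subject,
    consumerKey: consumerPublicKey.export({ type: "spki", format: "der" }).toString("base64"),
    limitCents: terms.limitCents,           // guaranteed maximum value
    discountPercent: terms.discountPercent, // offer attached by the certifier
    queryAboveCents: terms.queryAboveCents, // threshold for the optional database query
    notAfter: nowSec + terms.lifetimeSec,   // short-term: expires instead of being revoked
  }, certifierPrivateKey);
}

// Consumer: the affirmative act is a signature over the bill of sale.
function signBillOfSale(consumerPrivateKey, bill) {
  return signBody(bill, consumerPrivateKey);
}

// Merchant: accept only what the certificate guarantees.
function merchantAccept(cert, signedBill, certifierPublicKey, nowSec) {
  const reject = (reason) => ({ accepted: false, reason });
  if (!verifyBody(cert, certifierPublicKey)) return reject("certificate not signed by certifier");
  const terms = JSON.parse(cert.body); // parsed only after the signature check
  if (nowSec > terms.notAfter) return reject("certificate expired");
  const consumerKey = crypto.createPublicKey({
    key: Buffer.from(terms.consumerKey, "base64"), format: "der", type: "spki",
  });
  if (!verifyBody(signedBill, consumerKey)) return reject("bill not signed by certified key");
  const bill = JSON.parse(signedBill.body);
  if (bill.subject !== terms.subject) return reject("bill names a different client");
  // Assumption: the guarantee limit applies to the amount after the discount.
  const chargeCents = Math.round(bill.priceCents * (100 - terms.discountPercent) / 100);
  if (chargeCents > terms.limitCents) return reject("amount exceeds guaranteed limit");
  return { accepted: true, chargeCents, queryDatabase: chargeCents > terms.queryAboveCents };
}

// Constructed walk-through with demo keys and amounts.
function demo() {
  const certifier = crypto.generateKeyPairSync("ed25519");
  const consumer = crypto.generateKeyPairSync("ed25519");
  const now = 1700000000;
  const cert = issueShortTermCert(certifier.privateKey, consumer.publicKey, {
    subject: "customer-client-104", limitCents: 2000, discountPercent: 20,
    queryAboveCents: 1000, lifetimeSec: 24 * 3600,
  }, now);
  const bill = (priceCents) =>
    signBillOfSale(consumer.privateKey, { subject: "customer-client-104", priceCents });
  return {
    small: merchantAccept(cert, bill(1000), certifier.publicKey, now + 60),
    large: merchantAccept(cert, bill(1500), certifier.publicKey, now + 60),
    overLimit: merchantAccept(cert, bill(3000), certifier.publicKey, now + 60),
    nextDay: merchantAccept(cert, bill(1000), certifier.publicKey, now + 24 * 3600 + 1),
  };
}
```

Expiry and limit are enforced from the signed certificate alone, which is how the design avoids a revocation-list lookup on every purchase; only the larger purchase asks for the optional database query.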
What is claimed is:

1. A method for performing an electronic transaction, 
comprising: 

(a) receiving a long-term certificate; 

(b) authenticating a user associated with the long-term
certificate;

(c) sending a short-term certificate to the user authenti-
cated in (b), the short-term certificate containing autho-
rization to perform commerce over a network.

2. The method of claim 1, further comprising: 

(d) evaluating a risk associated with the user; and 

(e) including in the short-term certificate information 
about the risk associated with the user. 

3. The method of claim 2, wherein the risk associated with
the user is reflected in an upper limit on the short-term
certificate's value.

4. The method of claim 1, further comprising: 

(d) receiving information about the user's spending his-
tory; and

(e) including in the short-term certificate information 
based on the user's spending history. 

5. The method of claim 4, wherein the information about 
a user's spending history includes marketing offers. 

6. The method of claim 1, further comprising: 

(d) receiving from a market partner information about the 
market partner's needs; and 

(e) including in the short-term certificate information
about the market partner's needs.

7. The method of claim 6, wherein the information about
a market partner's needs includes marketing offers.

8. The method of claim 2, further comprising: 

(f) receiving information about the user's spending hab-
its; and

(g) including in the short-term certificate information 
about the user's spending habits. 

9. The method of claim 2, further comprising: 

(f) receiving from a market partner information about the 
market partner's needs; and 

(g) including in the short-term certificate information 
about the market partner's needs. 

10. The method of claim 4, further comprising:

(f) receiving from a market partner information about the
market partner's needs; and

(g) including in the short-term certificate information 
about the market partner's needs. 

11. The method of claim 8, further comprising: 

(h) receiving from a market partner information about the 
market partner's needs; and 

(i) including in the short-term certificate information 
about the market partner's needs. 

12. The method of claim 1, further comprising: 

(d) billing the user through a regular billing channel 
between the certifier and the user. 

13. The method of claim 12, wherein the regular billing 
channel is a telephone bill. 

14. The method of claim 12, wherein the regular billing 
channel is a credit-card bill. 

15. The method of claim 8, further comprising: 

(h) billing the user through a regular billing channel 
between the certifier and the user. 

16. The method of claim 11, further comprising: 

(j) billing the user through a regular billing channel 
between the certifier and the user. 

17. An apparatus for practicing commerce on a network, 
comprising: 

(a) a processor; 

(b) a port coupled to said processor; and 

(c) a memory, also coupled to said processor, storing 
instructions adapted to be executed by said processor to 

(i) receive a long-term certificate; 

(ii) authenticate a user associated with the long-term 
certificate; and 

(iii) send short-term certificates to the user authenti- 
cated in (ii), the short-term certificate containing 
authorization to perform commerce over a network. 

18. The apparatus of claim 17, further comprising: 

(d) a memory storing instructions adapted to be executed 
by said processor to 

(i) evaluate the risk associated with the user; and 

(ii) include in the short-term certificate information 
about the risk associated with the user. 

19. The apparatus of claim 18, wherein the risk associated 
with the user is reflected in an upper limit on a value of the 
short-term certificate. 

20. The apparatus of claim 17, further comprising: 

(d) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive information about the user's spending his- 
tory; and 

(ii) include in the short-term certificate information 
based on the user's spending history. 

21. The apparatus in claim 20, wherein the information 
about the user's spending habits includes marketing offers. 

22. The apparatus of claim 17, further comprising: 

(d) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive from a market partner information about the 
market partner's needs; and 

(ii) include in the short-term certificate information 
about the market partner's needs. 

23. The apparatus of claim 22, wherein the information 
about the market partner's needs includes marketing offers. 

24. The apparatus of claim 18, further comprising: 

(e) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive information about the user's spending hab- 
its; and 

(ii) include in the short-term certificate information 
about the user's spending habits. 

25. The apparatus of claim 18, further comprising: 

(e) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive from a market partner information about the 
market partner's needs; and 

(ii) include in the short-term certificate information 
about the market partner's needs. 

26. The apparatus of claim 20, further comprising: 

(c) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive from a market partner information about the 
market partner's needs; and 

(ii) include in the short-term certificate information 
about the market partner's needs. 

27. The apparatus of claim 24, further comprising: 

(e) a memory storing instructions adapted to be executed 
by said processor to 

(i) receive from a market partner information about the 
market partner's needs; and 

(ii) include in the short-term certificate information 
about the market partner's needs. 

28. A computer-readable medium that stores instructions 
adapted to be executed by a processor to perform the steps 
of: 

(a) receiving a long-term certificate; 

(b) authenticating a user associated with the long-term 
certificate; 

(c) sending a short-term certificate to the user authenti- 
cated in (b), the short-term certificate containing autho- 
rization to perform commerce over a network. 

29. The computer-readable medium of claim 28, further 
comprising 

(d) evaluating the risk associated with the user; and 

(e) including in the short-term certificate information 
about the risk associated with the user. 

30. The computer-readable medium of claim 28, further 
comprising: 

(d) receiving information about the user's spending his- 
tory; and 

(e) including in the short-term certificate information 
about the user's spending history. 

31. The computer-readable medium of claim 28, further 
comprising: 

(d) receiving from a market partner information about the 
market partner's needs; 

(e) including in the short-term certificate information 
about the market partner's needs. 
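
The flow of claims 1 to 3 (validate the long-term certificate, then issue a short-lived certificate carrying a risk-based spending ceiling), shown as an added example that is not part of the patent. The certificate layout, field names, risk bands and 15-minute lifetime are assumptions; an HMAC tag stands in for the certifier's signature, and authenticating the user is reduced to validating the long-term certificate.

```python
import hashlib
import hmac
import json

# Constructed demo key. The HMAC tag stands in for the certifier's signature.
CERTIFIER_KEY = b"constructed-demo-key"

def sign(body):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(CERTIFIER_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(cert, kind, now):
    """Return the body if tag, certificate type and validity window check out."""
    body = cert["body"]
    if not hmac.compare_digest(sign(body)["tag"], cert["tag"]):
        raise ValueError("bad tag")
    if body["kind"] != kind:
        raise ValueError("wrong certificate type")
    if not body["not_before"] <= now < body["not_after"]:
        raise ValueError("outside validity window")
    return body

def issue_long_term(subject, now, days=365):
    return sign({"kind": "long", "sub": subject,
                 "not_before": now, "not_after": now + days * 86400})

def issue_short_term(long_cert, risk_score, now, ttl=900):
    """Claim 1 steps (a)-(c), with the risk-based upper limit of claims 2-3."""
    user = verify(long_cert, "long", now)  # stand-in for authenticating the user
    # Constructed risk bands: lower risk gets a higher spending ceiling.
    limit_cents = 50_000 if risk_score < 0.2 else 5_000 if risk_score < 0.7 else 0
    if limit_cents == 0:
        raise PermissionError("risk too high to issue a certificate")
    return sign({"kind": "short", "sub": user["sub"], "limit_cents": limit_cents,
                 "not_before": now, "not_after": now + ttl})

def authorize_purchase(short_cert, amount_cents, now):
    """Relying-party check: reject forged, expired, mistyped or over-limit use."""
    try:
        body = verify(short_cert, "short", now)
    except (ValueError, KeyError, TypeError):
        return False
    return 0 < amount_cents <= body["limit_cents"]
```

With an HMAC the relying party has to hold the certifier's key; where merchants verify on their own, an asymmetric signature would replace the tag.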






